June 10, 2021
The 12 months between January 1 and December 31, 2020 were historic in more ways than one. First and most obviously, a once-in-a-century pandemic reshaped the way people live and work. At the same time, and not coincidentally, cybercrime exploded. And it’s ramping up considerably in 2021, on the way to $6 trillion in total losses — largely via account takeovers and identity theft. That’s six times more than in 2020.
Among the most vulnerable targets are contact centers, where security and privacy are often the weakest links. Huge repositories of sensitive customer information – credit card, banking, social security numbers, just to name a few – are often under-protected in a variety of ways. And it’s difficult to trace fraud attempts back to the perpetrators.
“In the last ten years or so, computer security has gotten so much better — with two-factor authentication, for instance — that it’s now much more secure,” says Kleid Gjataj, Principal Contact Center Consultant for Mindsight. “Once that happened, it became much harder to hack accounts to gain access. As a result, the hacking method shifted to social engineering and contact centers became the primary point of attack.”
As much as contact center fraud affects customers (and, in some cases, their friends and family members), it can also be a major hit to companies. According to Pindrop.com, operations costs associated with finding and fighting fraud are often overlooked. Expenses derived from decreased analyst capacity and increased fraud “can devour entire week’s worth of man-hours for an entire team, wasted on the remediation of one account takeover. If your business is targeted by an organized crime ring, there could be as many as 10 professional fraudsters working simultaneously to defraud one organization. In this scenario, as many as 100 accounts would be controlled by fraudsters, resulting in 1600 hours of remediation.”
The primary threat: social engineering
Social engineering is when criminals manipulate human psychology to access confidential information that’s then used to commit fraud or is sold to the highest bidder. Often it’s done via email (in the form of “phishing”) or phone. Sometimes it’s done in-person — showing up at a company and manipulating an employee to get past security to access servers, for instance. In any case, it’s a big problem thanks to unsegmented networks (where detection of attacks can go unnoticed), uneven security vigilance among business partners and under-trained contact center staff.
Mitigating these attacks and efficiently responding to them when they occur requires significantly beefed-up security protocols — physical as well as digital.
Mitigation methods for the Contact Center:
- Do thorough background checks of prospective contact center workers before they have access to customers’ personal information.
- Implement safeguards like swipe cards, badges and biometric locks to prevent unauthorized access by potential fraudsters.
- Assign each contact center worker their own login credentials.
- Don’t skimp on computer virus protection — and update it regularly.
- Update contact center software and tools. Make sure patches are applied as they are released. Although resource and time consuming, patches are intended to address specific weaknesses and vulnerabilities. Additionally, if you’re using an omnichannel approach (which in the age of the frictionless customer experience is a necessity), make sure you understand what type of data sits where and how to find it. Data breaches go unnoticed because often organizations aren’t even aware data has been stolen. If you require security expertise, and don’t wish to hire a full time employee, consider Mindsight virtual CISO
- Perform regular data backups. As noted above, it’s critical to understand your data sources and where they reside and to back them up regularly. Make sure you have a disaster recovery strategy in place and a plan that is tested quarterly at least.
- When it comes to customer authentication, skip the most basic KYC questions (“What street did you grow up on?”) and ask more difficult ones that only the actual person would likely know.
- Use more sophisticated methods of authentication like biometric identification, which requires account holders to confirm their identity through fingerprint technology, voice print software that employs natural language processing or facial recognition.
- Stay compliant with current regulations. Now more than ever, people want to understand what happens with their data and they expect companies to be held accountable when information is not handled accordingly. Since GDPR went into effect, the consequences for mishandling data are far harsher. How does a company mishandle data? One of the leading ways is non-compliance with current regulations.
- Train contact center staffers to recognize potential signs of fraud in fishy phishing emails and phone scams. Show them phishing and social engineering examples. Train them to recognize odd-looking url’s. And communicate that they should be leery of urgent requests – it’s ok they trust their gut instincts and won’t be punished for doing so. Training agents is one of the best preventative measures organizations can take.
- Migrate operations to a cloud contact center platform as security has often been built from the ground up with many of these solutions. Which cloud platform is right for you? Contact a Mindsight expert who can guide you through what is often a challenging process for both contact center leaders and IT leaders.
“In general, hackers aren’t that sophisticated,” Gjataj says. “And contact centers are more secure than they used to be. But nothing is 100 percent fool-proof.” So take the necessary steps in protecting your contact center – which is the heart and soul of that frictionless experience that your customers expect!
Mindsight, a Chicago IT services provider, is an extension of your team. Our culture is built on transparency and trust, and our team is made up of extraordinary people – the kinds of people you would hire. We have one of the largest expert-level engineering teams delivering the full spectrum of IT services and solutions, from cloud to infrastructure, collaboration to contact center. Our customers rely on our thought leadership, responsiveness, and dedication to solving their toughest technology challenges.
About the Expert
Kleid Gjataj is a Principal Consultant at Mindsight, an IT Solutions and Consulting firm located in the Chicago area. With nearly 15 years of experience in both domestic and international consulting, Kleid has helped contact centers of all sizes to bridge the gap between business and technology. His extensive experience with IVR, ACD, screen pop, omnichannel, speech analytics, quality management, outbound dialer, and custom applications is grounded in understanding the critical value of the customer journey. Kleid earned his degree in Network and Communications Management and continues to focus on how contact center optimization helps businesses meet goals, increase efficiencies, and reduce costs.